The role
We are hiring our Founding Lead Security Architect — the single technical
authority for Acrivault's platform architecture. You will own the v2 reference
architecture end-to-end across eight tiers, twenty microservices, seven data
stores, and five engineering pillars (Discovery, Governance, Identity
Firewall, Lifecycle, AI Intelligence). You will hand the specifications to a
Backend Engineer and a Frontend Engineer to build, and you will sign off on
every milestone before payment is released.

This is a hands-on architect role, not a director role. You will write the
architecture documents, design the data models, specify the OpenAPI contracts,
define the SPIFFE/SPIRE workload-identity issuance, design the 4.5 ms p99
authorization path, and shape the polyglot data layer, including the vector
store powering injection-detect and the AI-BOM lineage graph. You will also
write significant production code in the first six months — particularly in
the Identity Firewall hot path (PDP, attestation-svc, injection-detect) and
the AI Intelligence pillar (agent-session-svc, ai-bom-service, replay-api).

What you'll build
● The full AI-Native reference architecture: eight tiers (Customer
Environment, Edge & Ingress, Unified Control Plane, Discovery, Governance,
Identity Firewall, AI Intelligence, Lifecycle, Data Layer, Security &
Infrastructure Foundation, Compliance & Residency).
● The Identity Firewall hot path: PDP (stateless Go service, 3-AZ replicated,
99.99% SLA), attestation-svc (SPIFFE/SPIRE workload identity verification),
injection-detect (sub-millisecond prompt-injection enricher running Llama
Guard plus heuristics), all inside a 4.5 ms p99 envelope.
● The AI Intelligence pillar (new in v2): agent-session-svc capturing every AI
agent session as a replayable timeline in ClickHouse, ai-bom-service
maintaining the AI Bill of Materials lineage graph in Neo4j, replay-api
powering the dashboard timeline viewer.
● The Tier 8 Compliance & Residency primitives that make Day-1 NIST CSF 2.0
plus HIPAA-readiness real: PHI/PII Classifier, Residency Router, Evidence
Collector, Immutable Audit Trail.
● The fourteen architectural deliverables that the rest of the engineering
team builds against: System Architecture Diagram, Database Schema, Terraform
IaC, OpenAPI Specification, Security Architecture Document, Technology
Decision Record, Multi-Tenant Onboarding Flow, Capacity Planning Document,
Canonical Event Schema, SIEM Connector Plugin Framework, PDP/PEP Reference
Architecture, Behavioral Feature Specification, Modularity Contract,
Architecture Walkthrough Recording.